SQUID [RESOLVIDO]

1. SQUID [RESOLVIDO]

JOCEMIR GOMES
jocemir

(usa Red Hat)

Enviado em 28/11/2013 - 15:11h


pessoal,

tenho um proxy Squid na minha rede; quando tento acessar qualquer tipo de site, ele registra a seguinte mensagem no access.log:

1141745294.708 0 192.168.1.253 TCP_DENIED/403 1372 CONNECT xxx.xxx.xx.xxx:10000 - NONE/- text/htm



Segue minha configuração do squid, obrigado a todos pela ajuda !!!


# Proxy listener: TCP 8080, with no bind address given on this line.
# NOTE(review): confirm a firewall keeps this port unreachable from outside the LAN.
http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
#cache dir ufs /var/spool/squid 100 16 256
#cache_men 164 MB
cache_access_log /var/log/squid/access.log
# NOTE(review): basic-auth tuning is set here, but this config shows no
# "auth_param basic program" line and no proxy_auth ACL, so no rule in it asks
# for credentials; access is decided by source address and URL only.
auth_param basic children 5
auth_param basic realm squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher 1440 0% 1440
refresh_pattern . 0 20% 4320
# Matches every source address; used by the final "http_access deny all".
acl all src 0.0.0.0/0.0.0.0
# NOTE(review): the stock squid.conf spells this protocol "cache_object" (one
# token). As pasted it is two words, so the manager rules may not match
# cache-manager requests -- verify against the real file.
acl manager proto cache object
acl localhost src 127.0.0.1/255.255.255.255
# to_localhost is defined but not referenced by any http_access line in this config.
acl to_localhost dst 127.0.0.0/8
# Safe_ports and CONNECT are defined below, but no http_access line in this
# config tests them: the usual "http_access deny !Safe_ports" and
# "http_access deny CONNECT !SSL_ports" guards are absent (no SSL_ports ACL is
# defined either). Any client admitted by an allow rule can therefore request
# any destination port, including CONNECT tunnels to arbitrary ports.
# The 1025-65535 range already covers 2631 and 5900.
acl Safe_ports port 80 # http
acl Safe_ports port 53 # tcp
acl Safe_ports port 2631 # connectivity
acl Safe_ports port 21 # ftp
acl Safe_ports port 389 # LDAP
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# NOTE(review): mail (110, 587) and VNC (5900) ports are unusual in a web
# proxy's safe-port list; confirm they are really needed before enforcing it.
acl Safe_ports port 110 # pop
acl Safe_ports port 587 # smtp
acl Safe_ports port 5900 # vnc
acl CONNECT method CONNECT
# Declared in lower case; the http_access rules refer to it as PURGE.
acl purge method PURGE
#
#
#################
# SJT networks ##
#################
# NOTE(review): rede_sjt is defined here but no http_access line in this config
# references it, so membership in 192.168.100.0/24 alone grants nothing.
acl rede_sjt src 192.168.100.0/255.255.255.0
#
#
##########################
# SJT network users ######
##########################
# Per-person ACLs keyed on a single source IP. NOTE(review): a source address
# identifies a machine, not a user; any host on the segment that takes one of
# these addresses inherits the exemption -- consider authentication instead.
acl jgomes-ti src 192.168.100.26
acl tjorge-ti src 192.168.100.45
#########################
# Guest network (DHCP) ##
#########################
acl visitante0 src 192.168.100.233
acl visitante1 src 192.168.100.234
acl visitante2 src 192.168.100.235
acl visitante3 src 192.168.100.236
acl visitante4 src 192.168.100.237
##############################
# Servers ####################
##############################
# Last octet is masked ("xxx") in the post; the real file needs full addresses.
acl sjtarq src 192.168.100.xxx
acl sjtsql src 192.168.100.xxx
acl win2008bkp src 192.168.100.xxx
#######################################
# Deny and allow rules ################
#######################################
# URL pattern lists loaded from files. The first ACL name and file name appear
# as "[*****]" in the post (presumably masked by the forum's word filter).
acl [*****] url_regex "/etc/squid/[*****]"
acl noporn url_regex "/etc/squid/noporn"
acl talk url_regex "/etc/squid/talk"
acl notalk url_regex "/etc/squid/notalk"
#
####################################
# Rules to block downloads #########
####################################
## ACL that blocks downloads with the following extensions
# NOTE(review): urlpath_regex is matched against the URL path, so "^ftp" is
# unlikely to ever match, and "\vba$" is missing the "\." the other entries have.
acl downloads urlpath_regex ^ftp \.exe$ \.scr$ \vba$ \.pif$ \.avi$ \.mp3$ \.mlv$ \.mp2$ \.mp2v$ \.mpa$ \.mov$ \.mpe$ \.mpeg$ \.ogg$ \.pls$ \.ram$ \.snd$ \.wma$ \.wvx$ \.mid$ \.midi$ \.rmi$ \.img$ \.rar$ \.bin$ \.wav$ \.iso$
# One url_regex ACL per extension.
# NOTE(review): Squid's case-insensitive flag is a separate token
# ("url_regex -i PATTERN"). As pasted there is no space after "-i", so -- unless
# the forum swallowed a space -- the whole string "-i.*.exe$" is presumably read
# as the pattern and these rules would not match ordinary download URLs.
# The dot before each extension is also unescaped (matches any character).
# These rules only see the request URL; for CONNECT (HTTPS) requests that is
# just host:port, so they do not filter downloads made over HTTPS.
acl exe url_regex -i.*.exe$
acl scr url_regex -i.*.scr$
# NOTE(review): ACL is named vbs but the pattern ends in "vbl" -- likely a typo.
acl vbs url_regex -i.*.vbl$
acl pif url_regex -i.*.pif$
acl avi url_regex -i.*.avi$
acl mp3 url_regex -i.*.mp3$
acl mlv url_regex -i.*.mlv$
acl mp2 url_regex -i.*.mp2$
acl mp2v url_regex -i.*.mp2v$
acl mpa url_regex -i.*.mpa$
acl mov url_regex -i.*.mov$
acl mpe url_regex -i.*.mpe$
acl mpeg url_regex -i.*.mpeg$
acl mpg url_regex -i.*.mpg$
acl ogg url_regex -i.*.ogg$
acl pls url_regex -i.*.pls$
# "ram" is declared twice (here and two lines below) with the same pattern.
acl ram url_regex -i.*.ram$
acl ra url_regex -i.*.ra$
acl ram url_regex -i.*.ram$
acl snd url_regex -i.*.snd$
acl wma url_regex -i.*.wma$
acl wmv url_regex -i.*.wmv$
acl wvx url_regex -i.*.wvx$
acl mid url_regex -i.*.mid$
acl midi url_regex -i.*.midi$
# NOTE(review): pattern ends in "rmll", and no http_access line in this config
# references the rml ACL.
acl rml url_regex -i.*.rmll$
acl img url_regex -i.*.img$
acl rar url_regex -i.*.rar$
acl zip url_regex -i.*.zip$
acl bin url_regex -i.*.bin$
acl wav url_regex -i.*.wav$
acl iso url_regex -i.*.iso$
# Exceptions to the download block (used by an "http_access allow" rule).
# NOTE(review): urlpath_regex tests the path only, so the windowsupdate host
# pattern is unlikely to match here; a dstdomain ACL is the usual way to name a
# host. "\webmail.exe" also starts with "\w" rather than a literal path -- verify.
acl nodownloads urlpath_regex \webmail.exe \.windowsupdate\.microsoft.com
########################
# Access rules #########
########################
#
# http_access lines are evaluated top to bottom; the first matching line decides.
# NOTE(review): this config contains no "http_access deny !Safe_ports" and no
# "http_access deny CONNECT !SSL_ports" line, so destination ports and CONNECT
# tunnels are not restricted for any client that an allow rule admits.
http_access allow manager localhost
http_access deny manager
# The ACL is declared as "purge" (lower case) and referenced here as "PURGE";
# the server ACLs further down are likewise referenced in upper case.
# NOTE(review): confirm the running Squid resolves ACL names
# case-insensitively, or use one spelling throughout.
http_access allow PURGE localhost
http_access deny PURGE
#
########################################
# Start of company access rules ########
########################################
#
http_access allow localhost
# NOTE(review): this allow has no source ACL, so a request from ANY client
# address is accepted when the URL matches the noporn list. Pair it with a
# source ACL (for example "http_access allow rede_sjt noporn") so the proxy is
# not usable by clients outside the LAN.
http_access allow noporn
# NOTE(review): httpd_accel_* are Squid 2.5-era accelerator directives; this
# one sits in the middle of the access rules and sets port 21 -- confirm it is
# intended.
httpd_accel_port 21
#
#############################
# Users exempt from blocking#
#############################
# sjtarq is allowed before the content denies, so it bypasses them.
http_access allow sjtarq
http_access deny [*****]
http_access deny talk
#
##############################
# Users exempt from blocking #
##############################
#
# Allowed before the download denies below, so these two source addresses are
# not subject to the download block.
http_access allow jgomes-ti
http_access allow tjorge-ti
#
###########################################
# Allow notalk for all users ##############
###########################################
#http_access allow notalk
#
############################
# Allow Windows Update #####
############################
#
# NOTE(review): like the noporn rule, this allow has no source ACL; any client
# address whose URL matches nodownloads is accepted.
http_access allow nodownloads
http_access allow SJTARQ
http_access allow SJTSQL
http_access allow WIN2008BKP
#
###################################
# Start of download blocking ######
###################################
#
# One deny per extension ACL. "ram" is denied twice; the rml ACL has no deny line.
http_access deny downloads
http_access deny exe
http_access deny scr
http_access deny vbs
http_access deny pif
http_access deny avi
http_access deny mp3
http_access deny mlv
http_access deny mp2
http_access deny mp2v
http_access deny mpa
http_access deny mov
http_access deny mpe
http_access deny mpeg
http_access deny mpg
http_access deny ogg
http_access deny pls
http_access deny ram
http_access deny ra
http_access deny ram
http_access deny snd
http_access deny wma
http_access deny wmv
http_access deny wvx
http_access deny mid
http_access deny midi
http_access deny img
http_access deny rar
http_access deny zip
http_access deny bin
http_access deny wav
http_access deny iso
#
######################################################################
# Start of the list of users with Internet access but no downloads ###
######################################################################
#
#ttp_access allow jgomes-ti
#ttp_access allow tjorge-ti
### Visitors #######
# Guests are allowed only after the download denies above have been applied.
http_access allow visitante0
http_access allow visitante1
http_access allow visitante2
http_access allow visitante3
http_access allow visitante4
#
#
#############################
# Default deny: any request not allowed above is refused. rede_sjt
# (192.168.100.0/24) is never referenced by an http_access line, so a LAN host
# that is not one of the individually listed addresses ends up here.
http_access deny all
http_reply_access allow all
# NOTE(review): accepts ICP queries from any source; if no peer caches are in
# use, restrict this to the peers' addresses or deny it.
icp_access allow all
visible_hostname FW-SJT
httpd_accel_host virtual
# NOTE(review): "httpd_accel_host port 80" looks like a mistyped
# "httpd_accel_port 80" -- verify against the real file.
httpd_accel_host port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
#ie refresh on
# language of the error pages
error_directory /usr/share/squid/errors/Portuguese
logfile_rotate 10
coredump_dir /var/spool/squid



  


2. Re: SQUID [RESOLVIDO]

Buckminster
Buckminster

(usa Debian)

Enviado em 28/11/2013 - 16:48h

Esta ACL

acl rede_sjt src 192.168.100.0/255.255.255.0

deixe assim

acl rede_sjt src 192.168.100.0/24


#############################
http_access allow rede_sjt << acrescente essa ACL aqui.
http_access deny all

Faça as alterações, reinicie o Squid e teste.


Por que essas duas diretivas estão comentadas?

#cache dir ufs /var/spool/squid 100 16 256
#cache_mem 164 MB << aqui é cache_mem com 'm' e não com 'n'.

Segue site com os códigos de erros do Squid.
http://dhiogosantos.wordpress.com/2011/08/23/138/





